16552: Nginx listens on all interfaces, not just loopback.

[arvados.git] / sdk / python / tests / nginx.conf

diff --git a/sdk/python/tests/nginx.conf b/sdk/python/tests/nginx.conf
index a4336049f2447bd18cf396cbec0b76e7cdf69356..1c624e324b7a37171fd0de1440cb042a8b2baee9 100644 (file)
--- a/sdk/python/tests/nginx.conf
+++ b/sdk/python/tests/nginx.conf
@@ -3,7 +3,6 @@
 # SPDX-License-Identifier: Apache-2.0
 
 daemon off;
-error_log "{{ERRORLOG}}" info;          # Yes, must be specified here _and_ cmdline
 events {
 }
 http {
@@ -11,29 +10,34 @@ http {
     '[$time_local] "$http_x_request_id" $server_name $status $body_bytes_sent $request_time $request_method "$scheme://$http_host$request_uri" $remote_addr:$remote_port '
     '"$http_referer" "$http_user_agent"';
   access_log "{{ACCESSLOG}}" customlog;
-  client_body_temp_path "{{TMPDIR}}/nginx";
-  proxy_temp_path "{{TMPDIR}}/nginx";
-  fastcgi_temp_path "{{TMPDIR}}/nginx";
-  uwsgi_temp_path "{{TMPDIR}}/nginx";
-  scgi_temp_path "{{TMPDIR}}/nginx";
+  client_body_temp_path "{{TMPDIR}}";
+  proxy_temp_path "{{TMPDIR}}";
+  fastcgi_temp_path "{{TMPDIR}}";
+  uwsgi_temp_path "{{TMPDIR}}";
+  scgi_temp_path "{{TMPDIR}}";
   upstream controller {
-    server {{LISTENHOST}}:{{CONTROLLERPORT}};
+    server {{UPSTREAMHOST}}:{{CONTROLLERPORT}};
   }
   server {
     listen {{LISTENHOST}}:{{CONTROLLERSSLPORT}} ssl;
     server_name controller ~.*;
     ssl_certificate "{{SSLCERT}}";
     ssl_certificate_key "{{SSLKEY}}";
+    client_max_body_size 0;
     location  / {
       proxy_pass http://controller;
       proxy_set_header Host $http_host;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto https;
       proxy_redirect off;
+      proxy_max_temp_file_size 0;
+      proxy_request_buffering off;
+      proxy_buffering off;
+      proxy_http_version 1.1;
     }
   }
   upstream arv-git-http {
-    server {{LISTENHOST}}:{{GITPORT}};
+    server {{UPSTREAMHOST}}:{{GITPORT}};
   }
   server {
     listen {{LISTENHOST}}:{{GITSSLPORT}} ssl;
@@ -49,7 +53,7 @@ http {
     }
   }
   upstream keepproxy {
-    server {{LISTENHOST}}:{{KEEPPROXYPORT}};
+    server {{UPSTREAMHOST}}:{{KEEPPROXYPORT}};
   }
   server {
     listen {{LISTENHOST}}:{{KEEPPROXYSSLPORT}} ssl;
@@ -63,12 +67,13 @@ http {
       proxy_set_header X-Forwarded-Proto https;
       proxy_redirect off;
 
+      client_max_body_size 67108864;
       proxy_http_version 1.1;
       proxy_request_buffering off;
     }
   }
   upstream keep-web {
-    server {{LISTENHOST}}:{{KEEPWEBPORT}};
+    server {{UPSTREAMHOST}}:{{KEEPWEBPORT}};
   }
   server {
     listen {{LISTENHOST}}:{{KEEPWEBSSLPORT}} ssl;
@@ -88,7 +93,7 @@ http {
     }
   }
   upstream health {
-    server {{LISTENHOST}}:{{HEALTHPORT}};
+    server {{UPSTREAMHOST}}:{{HEALTHPORT}};
   }
   server {
     listen {{LISTENHOST}}:{{HEALTHSSLPORT}} ssl;
@@ -124,7 +129,7 @@ http {
     }
   }
   upstream ws {
-    server {{LISTENHOST}}:{{WSPORT}};
+    server {{UPSTREAMHOST}}:{{WSPORT}};
   }
   server {
     listen {{LISTENHOST}}:{{WSSSLPORT}} ssl;
@@ -142,11 +147,11 @@ http {
     }
   }
   upstream workbench1 {
-    server {{LISTENHOST}}:{{WORKBENCH1PORT}};
+    server {{UPSTREAMHOST}}:{{WORKBENCH1PORT}};
   }
   server {
     listen {{LISTENHOST}}:{{WORKBENCH1SSLPORT}} ssl;
-    server_name workbench1 workbench.*;
+    server_name workbench1 workbench1.* workbench.*;
     ssl_certificate "{{SSLCERT}}";
     ssl_certificate_key "{{SSLKEY}}";
     location  / {
@@ -157,4 +162,20 @@ http {
       proxy_redirect off;
     }
   }
+  upstream workbench2 {
+    server {{UPSTREAMHOST}}:{{WORKBENCH2PORT}};
+  }
+  server {
+    listen {{LISTENHOST}}:{{WORKBENCH2SSLPORT}} ssl;
+    server_name workbench2 workbench2.*;
+    ssl_certificate "{{SSLCERT}}";
+    ssl_certificate_key "{{SSLKEY}}";
+    location / {
+      proxy_pass http://workbench2;
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_redirect off;
+    }
+  }
 }